User Accounts

User accounts are used for access to the College of Engineering network hosts and services. There are six types of accounts: undergraduate, graduate, faculty, staff, funded research, academic project, and non-engineering accounts. The accounts are created on the premise that once a user has an account, that account will be active as long as the user is enrolled in or employed by the College of Engineering.

Each account is assigned to one user. Each user may have one account for instructional use only. Additional accounts may be assigned to a user for funded research or non funded projects. No accounts are allowed to be shared. The user assigned to the account is responsible for all actions of the account.

Each account will belong to at least one group. The default group will be the department group for the user, or the project group. Additional group membership may be obtained for work groups, projects, etc.

An undergraduate account can be upgraded to a graduate account if the student is accepted into the College of Engineering graduate school. It is, however, the responsibility of the student to request the upgrade.

2.1 Types of Accounts

2.1.1. Undergraduate

Undergraduate students in engineering may be assigned an account for instructional use. All undergraduate files are deleted between quarters. It is the responsibility of the undergraduate user to backup and restore needed files. Network Services provides easy access to tape backup systems for this purpose.

2.1.2. Graduate

Graduate students in engineering may be assigned an account for instructional use. Disk space for each graduate student is provided by the respective academic department. File maintenance is the responsibility of the users in that department. Proposals for additional disk space should be made to the respective department head of computer coordinator.

2.1.3. Faculty

Engineering faculty may be assigned an account for instructional use. Disk space for faculty is handled in the same way as graduate disk space -- see above.

2.1.4. Staff

Engineering staff members may be assigned an account for instructional and administrative use. Disk space for the staff is handled in the same way as graduate disk space -- see above.

2.1.5. Funded research

Funded research accounts may be assigned to researchers and research assistants for research related use. There are charges for research use of services provided by Network Services. Contact the Network Services office for a current charge schedule.

2.1.6. Academic project

Academic project accounts may be assigned to College of Engineering faculty, staff, or students for non-funded academic use.

2.1.7. Non-engineering accounts

Accounts may be created for Auburn University students, faculty, and staff not in the College of Engineering. Such accounts may be required for students enrolled in engineering courses which require the use of College of Engineering network services. Non-engineering faculty and staff with a demonstrated need will be allocated an account.

2.2 Account States

Accounts have five distinct states of existence. These states indicate the activity of the account from its creation to its deletion.

2.2.1. Creation

When an account is created, the following items are established:

a unique username (also called userid). The username may be assigned based on an algorithm developed by the Division of University Computing. The assigned username may not be subsequently changed.

a random password

a unique e-mail address (username@eng.auburn.edu)

a home directory for storing the user's files

a user information sheet

The user information sheet is printed for each account upon its creation. The user information sheet contains the username, password, e-mail address, location of the home directory as well as other information useful to the novice user. The user information sheet must be picked up from Engineering Network Services and a signature is required.

2.2.2. Active

Once the user information sheet has been picked up, the account is considered active. Accounts will remain in the active state until one of the following criteria is met:

1. For all accounts:

1.1. the user has relinquished network privileges (i.e., upon graduation)1.2. the account is found to have been used for activities that violate any portion of this policy.1.3. the owner of the account has been found violating any portion of this policy1.4. the owner of the account is no longer employed by, enrolled at, or contracted by Auburn University

2. For student accounts:

2.1. the student has not been enrolled in the College of Engineering for two consecutive quarters2.2. the student has otherwise withdrawn from Auburn University2.3. the non-engineering student who is no longer enrolled in an engineering course

3. For faculty/staff accounts:

3.1. the faculty/staff member is no longer employed by College of Engineering

4. For funded research/academic project accounts:

4.1. the research/project has terminated

5. For non-engineering accounts:

5.1. the end of the current quarter; these accounts may be reactivated the following quarter if needed

2.2.3. Pending delete

Active accounts are changed to the pending delete state prior to deletion. The pending delete state is an intermediate step between an active account and a deleted account. In the pending delete state, all network access will be denied and electronic mail addressed to the account will be returned to the sender. Some files may be archived and deleted. An account may be reactivated from the pending delete state.

2.2.4. Deleted

When an account is deleted, the username will be considered unused and all files belonging to the user will be deleted. Electronic mail sent to the user will be rejected.

2.2.5. Temporary restrictions

On occasion an account may be temporarily restricted. There are many reasons why this may occur ranging from misuse of network resources, to important information that needs to be given to the user before they attempt to login again. Upon successful login, the user will see a short message to the effect of "please see the system administrator" and the user will be immediately logged out. In most cases, once a meeting with the systems administrator is completed, the account is reinstated.

2.3 Sharing Accounts

Any abusive activities initiated from your account will be traced back to you and you will be held accountable. The behavior of someone with whom you have shared your account becomes your responsibility. If the abuse is such that network privileges are terminated, it is you who will suffer. It is, therefore, policy that College of Engineering network accounts are not to be shared. Each account has one user. Each user can have more than one account. But NO account can have more than one user. If users wish to share information or otherwise collaborate in a group, then the users shall use appropriate file permissions combined with optional group membership to share data.

2.4 Password Selection

Perhaps the most vulnerable part of any computer system is the account password. Any computer system, no matter how secure it is from network or dial-up attack, Trojan horse programs, and so on, can be fully exploited by intruders who can gain access via a poorly chosen password. It is important to select a password that is not easily guessed and to not share the password with ANYONE.

Here are some rules for choosing a good password:

DON'T use any variation of your login name (i.e., reversed, capitalized, doubled, etc.)

DON'T use any variation of your first, middle, or last name

DON'T use your spouse's or child's name; this information is easier to obtain than you might think

DON'T use other information easily obtained about you; this includes license plate numbers, telephone numbers, social security numbers, the make of your automobile, the name of the street you live on, the room number or building in which you work, etc.

DON'T use a password of all digits

DON'T use a password of all the same letters

DON'T use a word contained in English or foreign language dictionaries, spelling lists or commonly digitized texts such as the Bible or encyclopedia

DON'T use a password shorter than six characters

DON'T use a colon in your password

DO use a password with mIXeD-CasE alphabetics

DO use a password with non-alphabetic characters (digits or punctuation)

DO use a password that is easy to remember, so you don't have to write it down

DO use a password that you can type quickly, without having to look at the keyboard

Methods of selecting a password which adhere to these guidelines include:

choosing a line or two from a song or poem, and using the first letter of each word

alternating between one consonant and one or two vowels, up to seven or eight characters This provides nonsense words which are usually pronounceable, and thus easily remembered

choose two short words and concatenate them together with a punctuation character between them (all standard keyboard characters are valid password characters (except :) including: !@#$%^&*()_+-=[]{};'`"~,./>

2.5 Change Your Password

Users should change their password periodically, usually every three months. Changing your password periodically will frustrate even the most patient intruder.

It is your responsibility to change your password. To change your password, click on the appropriate icon on your PC desktop or point your web browser to https://imapssl.eng.auburn.edu/passwd.php3. This will prompt you for your old password and then your new password. The current password program will force you to use an uppercase, a lowercase and a numeric or symbol character. If the change has been accepted, you will see a message saying something to the effect of "password change successful". At this point, your password has been changed.

Note that the passwords are updated across the network only once every 10 minutes. Therefore, it may take up to 10 minutes for the change to appear at your local machine.

2.6 Determine Account Misuse

Often users are the first persons to detect unauthorized use of their account. If this occurs, please notify the system administrators immediately. There are several ways to detect unauthorized use of your account:

when you login to a Sun workstation, you will see a message stating when you last logged in and where you logged in at. If the date is wrong or the location is wrong, then someone may have misused your account

if strange files appear or disappear in your directories

if you enable command history and note that history contains commands you did not execute

if you get mail from someone referring to a mail message you did not send

2.7 Account Request

Requests for accounts or changing account information can be made to Engineering Network Services in 103 L Building during normal work hours. The requests are typically processed in the morning with one day turnaround

2.7.1. Requesting a new account

Users must request a new account by completing a New Account Request form. Information must include:

proof of current enrollment or employment

student or employee identification number

student or employee classification

curriculum or department

The application for new account requires that the user sign an agreement stating that the user understands and will abide by all policies regarding the use of the Auburn University College of Engineering network.

2.7.2. Requesting additional group membership

Many times users need to work together on projects. If a group of users wishes to share data only among themselves they can become members of a new group. Any user can belong to a maximum of eight groups. Requests for new groups can be made with proper justification of the purpose of the group and identification of a user who will be responsible for who the group members will be, and the deletion of the group after the project is completed.

2.7.3. Allowing group access to a file

Each file is owned by a user and a group. To allow group access to a file, the file must have group permissions on, and be owned by the target group. To change permissions use the command "chmod"; to change the group owner use the command "chgrp" (the group owner can only be changed by user owning the file).

2.7.4. Requesting a new password

Sometimes users forget their password. If this happens, a new password can be generated for the account. The Request for New Password form requires proof of enrollment/employment and photo identification (preferably a student or employee ID).